EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2
Jasmin Landry
JR0ch17
Lead, IT & Security at
Montreal Canadiens fan

GET /agenda HTTP/2
EASM
Common mistakes
Hacker perspective

GET /EASM HTTP/2
What exactly is EASM?
What does it cover?
Why is it important?

GET /common_mistakes HTTP/2
Lack of Change Management
Not respecting Least Privilege
Misconfigured WAFs
Cloud misconfigs (S3 buckets)

GET /hacker_perspective HTTP/2
Recon EVERYTHING
• Subdomains
• IPs
• TLS certificates
• Third-party apps
Continuous Monitoring
• Monitor for new assets
• Monitor any change

GET /thanks HTTP/2
Thank you for listening
Questions?
More questions? DMs are open on and